Information
Apple provides privacy protection that should be enabled for the mail app on macOS to reduce information collection from a user that receives email.
Email is routinely abused by attackers, spammers and marketers. The "Protect Mail Activity" control reduces risk by hiding the current IP address of your Mac and privately downloading remote content.
The Protect Mail Activity function of privately downloading remote content is not applicable for those users that do not download any remote content. Typical Internet email is no longer plain text and will not render properly without remote content. Personal email or mailing list email may function without complaint by blocking remote content.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Graphical Method:
Perform the following steps to enabled protect mail activity:
- Open Mail
- Select Mail in the menu bar
- Select Settings...
- Select Privacy
- Set Protect Mail Activity to enabled
Impact:
Some remote content may be access-controlled and refuse to download with this setting enabled.